Tax breaks for cybersecurity firms?

WASHINGTON--Congress may offer tax breaks to companies that adopt good cybersecurity standards, the chairman of a House of Representatives subcommittee said Tuesday.

But in legislating cybersecurity guidelines, lawmakers should avoid heavy-handed regulations, Rep. Dan Lungren, a California Republican, said in a lunch speech here.

"My fear is if we do that, we'll stifle innovation," he said. "How can we predict what the best way will be (to manage cybersecurity) in most of these instances?"

Lungren said the U.S. House of Representatives cybersecurity subcommittee, which he chairs, is working on crafting an "overall view of ways we can work with the private sector" to develop cybersecurity tools, including the possibility of creating an incentive-based system.

Lawmakers also plan to address liability concerns, he said, as they want to allow companies to take some risks in coming up with new cybersecurity tools without having to worry about being sued if they fall short.

Andy Purdy, acting director of the Department of Homeland Security's National Cybersecurity Division, said in a speech that his agency is also working closely with the private sector to equip itself for responding to cyberattacks.

Purdy said he expects Homeland Security Secretary Michael Chertoff to announce "in the near future" the appointment of an assistant secretary for cybersecurity and telecommunications--a position approved by Congress during the spring. That official would be in charge of coordinating cybersecurity efforts among different agencies and research groups, Purdy said.

The agency, which has already flunked a cybersecurity preparedness test, is also gearing up for a November exercise, dubbed Cyberstorm, intended to give the government a chance to role-play its way through a mock cyberattack.